├── .github └── yamllint.config.yaml ├── .gitignore ├── .pre-commit-config.yaml ├── .pre-commit-hooks.yaml ├── .pylintrc ├── LICENSE ├── README.md ├── dev-requirements.txt ├── hooks ├── __init__.py └── forbid_secrets.py ├── pytest.ini ├── renovate.json ├── setup.py └── tests ├── secret-fail.yaml ├── secret-fail.yml ├── secret-ignore.txt ├── secret-ignore.yaml.j2 ├── secret-kustomize-pass.yaml ├── secret-kustomize-pass.yml ├── secret-pass.yaml └── secret-pass.yml /.github/yamllint.config.yaml: -------------------------------------------------------------------------------- 1 | extends: default 2 | rules: 3 | truthy: 4 | allowed-values: ['true', 'false', 'on', 'yes'] 5 | comments: 6 | min-spaces-from-content: 1 7 | line-length: disable 8 | braces: 9 | min-spaces-inside: 0 10 | max-spaces-inside: 1 11 | brackets: 12 | min-spaces-inside: 0 13 | max-spaces-inside: 0 14 | indentation: 15 | spaces: 2 16 | indent-sequences: consistent 17 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Sops 2 | .decrypted~*.yaml 3 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | # vim:ff=unix ts=2 sw=2 ai expandtab 2 | --- 3 | repos: 4 | - repo: https://github.com/pre-commit/pre-commit-hooks 5 | rev: v4.3.0 6 | hooks: 7 | - id: check-added-large-files 8 | - id: check-merge-conflict 9 | - id: detect-private-key 10 | - id: trailing-whitespace 11 | - repo: https://github.com/adrienverge/yamllint 12 | rev: v1.28.0 13 | hooks: 14 | - id: yamllint 15 | args: 16 | - -c 17 | - .github/yamllint.config.yaml 18 | - repo: https://github.com/Lucas-C/pre-commit-hooks 19 | rev: v1.3.1 20 | hooks: 21 | - id: forbid-crlf 22 | - id: remove-crlf 23 | - id: forbid-tabs 24 | - id: remove-tabs 25 | -------------------------------------------------------------------------------- /.pre-commit-hooks.yaml: -------------------------------------------------------------------------------- 1 | - id: forbid-secrets 2 | name: Check for unencrypted Kubernetes secrets in manifests 3 | description: "Forbid files containing unencrypted Kubernetes secrets to be commited" 4 | entry: forbid_secrets 5 | language: python 6 | files: ((^|/)*.(ya?ml)$) 7 | -------------------------------------------------------------------------------- /.pylintrc: -------------------------------------------------------------------------------- 1 | [MESSAGES CONTROL] 2 | disable = bad-continuation, duplicate-code, import-error, missing-docstring, multiple-imports 3 | 4 | [FORMAT] 5 | max-line-length = 150 6 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 k8s@home 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # sops-pre-commit 2 | 3 | [![pre-commit.ci status](https://results.pre-commit.ci/badge/github/onedr0p/sops-pre-commit/main.svg)](https://results.pre-commit.ci/latest/github/onedr0p/sops-pre-commit/main) 4 | 5 | Sops [pre-commit](https://pre-commit.com/) hook. 6 | 7 | * Check for unencrypted Kubernetes secrets in manifest files. 8 | 9 | ## Requirements 10 | 11 | * Pre-commit 1.2 or later 12 | 13 | ## Installation 14 | 15 | Add the following to your `.pre-commit-config.yaml` 16 | 17 | 18 | ```yaml 19 | - repo: https://github.com/onedr0p/sops-pre-commit 20 | rev: v2.1.0 21 | hooks: 22 | - id: forbid-secrets 23 | ``` 24 | 25 | ## License 26 | 27 | This software is licensed under the MIT license (see the LICENSE file). 28 | -------------------------------------------------------------------------------- /dev-requirements.txt: -------------------------------------------------------------------------------- 1 | pre-commit 2 | pytest 3 | pytest-cov 4 | coverage 5 | -------------------------------------------------------------------------------- /hooks/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/onedr0p/sops-pre-commit/06c06d1780cb9f19e82f5e42bfc74ecc9c431b6a/hooks/__init__.py -------------------------------------------------------------------------------- /hooks/forbid_secrets.py: -------------------------------------------------------------------------------- 1 | from __future__ import print_function 2 | 3 | import argparse 4 | import re 5 | import sys 6 | 7 | SECRET_REGEX = r"^kind:\ssecret$" 8 | SOPS_REGEX = r"ENC.AES256" 9 | KUSTOMIZE_REGEX = r"^\$patch:\sdelete" 10 | 11 | def contains_secret(filename): 12 | with open(filename, mode="r") as file_checked: 13 | lines = file_checked.read() 14 | kubernetes_secret = re.findall( 15 | SECRET_REGEX, lines, flags=re.IGNORECASE | re.MULTILINE 16 | ) 17 | if kubernetes_secret: 18 | ignore_secret = re.findall( 19 | SOPS_REGEX, lines, flags=re.IGNORECASE | re.MULTILINE 20 | ) or re.findall(KUSTOMIZE_REGEX, lines, flags=re.IGNORECASE | re.MULTILINE) 21 | if not ignore_secret: 22 | return True 23 | return False 24 | 25 | def main(argv=None): 26 | parser = argparse.ArgumentParser() 27 | parser.add_argument("filenames", nargs="*", help="filenames to check") 28 | args = parser.parse_args(argv) 29 | files_with_secrets = [f for f in args.filenames if contains_secret(f)] 30 | return_code = 0 31 | for file_with_secrets in files_with_secrets: 32 | print( 33 | "Unencrypted Kubernetes secret detected in file: {0}".format( 34 | file_with_secrets 35 | ) 36 | ) 37 | return_code = 1 38 | return return_code 39 | 40 | 41 | if __name__ == "__main__": 42 | sys.exit(main(sys.argv[1:])) 43 | -------------------------------------------------------------------------------- /pytest.ini: -------------------------------------------------------------------------------- 1 | [pytest] 2 | addopts = --cov=pre_commit_hooks --cov-report term-missing 3 | -------------------------------------------------------------------------------- /renovate.json: -------------------------------------------------------------------------------- 1 | { 2 | "extends": [ 3 | "config:base" 4 | ] 5 | } 6 | -------------------------------------------------------------------------------- /setup.py: -------------------------------------------------------------------------------- 1 | from setuptools import find_packages, setup 2 | 3 | setup( 4 | name='sops-pre-commit', 5 | description='Check for unencrypted Kubernetes secrets in manifest files', 6 | url='https://github.com/onedr0p/sops-pre-commit', 7 | version='2.1.0', 8 | 9 | author='Devin Buhl', 10 | author_email='devin.kray@gmail.com', 11 | 12 | platforms='linux', 13 | classifiers=[ 14 | 'License :: OSI Approved :: MIT License', 15 | 'Programming Language :: Python :: 2', 16 | 'Programming Language :: Python :: 2.6', 17 | 'Programming Language :: Python :: 2.7', 18 | 'Programming Language :: Python :: 3', 19 | 'Programming Language :: Python :: 3.3', 20 | 'Programming Language :: Python :: 3.4', 21 | 'Programming Language :: Python :: Implementation :: CPython', 22 | 'Programming Language :: Python :: Implementation :: PyPy', 23 | ], 24 | 25 | packages=find_packages('.'), 26 | entry_points={ 27 | 'console_scripts': [ 28 | 'forbid_secrets = hooks.forbid_secrets:main', 29 | ], 30 | }, 31 | ) 32 | -------------------------------------------------------------------------------- /tests/secret-fail.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | password: Y2hhbmdlLW1l 4 | user: YWRtaW4= 5 | kind: Secret 6 | metadata: 7 | creationTimestamp: null 8 | name: basic-auth 9 | -------------------------------------------------------------------------------- /tests/secret-fail.yml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | password: Y2hhbmdlLW1l 4 | user: YWRtaW4= 5 | kind: Secret 6 | metadata: 7 | creationTimestamp: null 8 | name: basic-auth 9 | -------------------------------------------------------------------------------- /tests/secret-ignore.txt: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | data: 3 | password: Y2hhbmdlLW1l 4 | user: YWRtaW4= 5 | kind: Secret 6 | metadata: 7 | creationTimestamp: null 8 | name: basic-auth 9 | -------------------------------------------------------------------------------- /tests/secret-ignore.yaml.j2: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: ca-key-pair 6 | namespace: {{ cert_manager_namespace }} 7 | data: 8 | tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURvRENDQW9pZ0F3SUJBZ0lVYXRUWVNIK1lUMVJvbXVGekF2clFRWGtsQ0Vrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2FERUxNQWtHQTFVRUJoTUNWVk14RHpBTkJnTlZCQWdUQms5eVpXZHZiakVSTUE4R0ExVUVCeE1JVUc5eQpkR3hoYm1ReEV6QVJCZ05WQkFvVENrdDFZbVZ5Ym1WMFpYTXhDekFKQmdOVkJBc1RBa05CTVJNd0VRWURWUVFECkV3cExkV0psY201bGRHVnpNQjRYRFRJd01EY3hNREUxTWpFd01Gb1hEVEkxTURjd09URTFNakV3TUZvd2FERUwKTUFrR0ExVUVCaE1DVlZNeER6QU5CZ05WQkFnVEJrOXlaV2R2YmpFUk1BOEdBMVVFQnhNSVVHOXlkR3hoYm1ReApFekFSQmdOVkJBb1RDa3QxWW1WeWJtVjBaWE14Q3pBSkJnTlZCQXNUQWtOQk1STXdFUVlEVlFRREV3cExkV0psCmNtNWxkR1Z6TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0MmZFNUhRSm8vNGIKRjNqN1JPZzJ6REhNdEhLd0pjVEZZYkZZMGpIWGZTVWJTS1ZObzUrNTNqQ29SdFFWd1FyYU12QnozMGRJbzd6agpMcE1VQU5aRStacXQrbkk5RWtzMVphS1NKNmYvNXpmZDEzZ1ZOTkgzN05KVUVKV0NHTnVoUmVFNDRpcUtmSDV3Ck9iZlJKL2ZCYVQ5cW9DQW9tWVcvV1JUS0t5ancreFBPeWdZZERsUk9jdzBSRmdieDkvWk5GS1lYR3BQcmdyR0wKWW45VWZXZG92WHozbys3N1piNm9SRWdBVkNDUTBaN0VEYUpjd3RCZkxOV0pWbGRET2dJNFpmWDBaNnNBN2lobgptQ1hHenJGd25JaVhaajUrdjk0ejF0SThOazlvL1RFbG9EdlJnamJNblRxQ2hGa1ZROHhtaXMwckZmMVprN3ZwCjNOMWFtY2hBQVFJREFRQUJvMEl3UURBT0JnTlZIUThCQWY4RUJBTUNBUVl3RHdZRFZSMFRBUUgvQkFVd0F3RUIKL3pBZEJnTlZIUTRFRmdRVTFEaTE0aVpKWGczajNObHdjenZFR1dwRFN2SXdEUVlKS29aSWh2Y05BUUVMQlFBRApnZ0VCQURkR1FDSFcwNkFVZUo4alM3cURPM2F1TG4xTHE0c1JCWHBoVUZ6TGRyMi9rUUlZd1BtcTRmb09RMjBwCitLTVUyanpmR0VHd3ZOU0p2QnphNHRGS1NiZHRpeFI3RmsyREdPLzc5a3ZPZ2o3UVRrUUpkUzNwaWtSc09EMlUKaytpa09qL2wyTkRSRFVXZlh4RjRjeVZTZ0VubDExUUVDa0JrUHBIYlIrUHQxYWhnMGVRMElnL0MvZC8vN2Vtegp3ZWNUZjBsQkc1UmszaURHdkxhaHdTek9jQWhSY1BxVW9idCs1bTVycmp0R3BrTFNQOTBzVko2TTZ3ZE43dGR4CkNpTktWWGRZaHBZWmUrQ1hEQ2lRR0NLVHE5NHJPbGptVmh5Z0FKWjlBOERVOWVZRmVOci9oOW84c2JYNFlzcU0KV3YwREkyQldlQ3k3MmlXZXErNHkwTENKSzQ4PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== 9 | tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBdDJmRTVIUUpvLzRiRjNqN1JPZzJ6REhNdEhLd0pjVEZZYkZZMGpIWGZTVWJTS1ZOCm81KzUzakNvUnRRVndRcmFNdkJ6MzBkSW83empMcE1VQU5aRStacXQrbkk5RWtzMVphS1NKNmYvNXpmZDEzZ1YKTk5IMzdOSlVFSldDR051aFJlRTQ0aXFLZkg1d09iZlJKL2ZCYVQ5cW9DQW9tWVcvV1JUS0t5ancreFBPeWdZZApEbFJPY3cwUkZnYng5L1pORktZWEdwUHJnckdMWW45VWZXZG92WHozbys3N1piNm9SRWdBVkNDUTBaN0VEYUpjCnd0QmZMTldKVmxkRE9nSTRaZlgwWjZzQTdpaG5tQ1hHenJGd25JaVhaajUrdjk0ejF0SThOazlvL1RFbG9EdlIKZ2piTW5UcUNoRmtWUTh4bWlzMHJGZjFaazd2cDNOMWFtY2hBQVFJREFRQUJBb0lCQUJZd2R0RFEvUzJiRzduKwpTQ0F4SEJnZVdrN21wVXNjZ0dqdVpQbWhVQm55K0ZjVXNNMEFFU1BCclVwTWRJbFRmOHl6N01EeHhlY1Jma2J2ClFuZExkVExodFBUZEIyaUVNdVNtQTVyS3A1cFkxdjB2cVJrbjRpQUQzbW5YUE5NM0YwNzJEY1RITXRRWEZBclgKbzNWN2N5b0JveXZXV0RNaXpHREJ0Q2YrbnhFeFFzS0lLUGFxRzlDVWZlSU95RVgzRXJ6QWo3b3lnSXFLZGozbgpFbVBzbThrWDVROW9iOUZwd3FKNkxMTzcxTklQZnpaOUNLSXpSYzBNU3grL3hPYmdKSlJCNmtZTXpjWkloQ1JBClNNclBsYXZLMEVzMHpoTnIyc05aZHBlSmRzWGk5YURwZjhMOTEvdFpJeEpSMEdSUXpEZXhBN2FWdk8vVUo0N0YKOXNXUVBUVUNnWUVBeXNvTm01VHdkNWZqRzk3NXVRa3pGQUgrRGVCNXBlNTBOMkpyN01neWZsVm8zZlJrSTFKKwpsZXlyUnRIempKSzlqeEVtdVJ0YnIvUWZ3MGRUNnhRSnVJSmk3Vmlld3NPNUgzeWtwdytkbm9jVUhVVDhFWEpVCnpLSzRmSGo1SjFrNHBmaHlnNFBJZ0YxMFF1anhJRlc3Q0R3UERJRStuZm5ZczBJZ1U3SkV0OU1DZ1lFQTU0ZWsKTUltWWMyeHhoYTM1U25qd0ZCeEVwSUF3ZGdvdXBROWVsMHhmVVRkdTJsUnA1NHVZaVFVWURhNjJ6RE1kL21QagppSTdqaGl6TEU4VmU4OWh6QXljeTNIRVJPSHNETkhQVG5WN0phcmp3T29aWWIvRnM2NkxtazZMY05BbGI3TER6Cm5FNGdkTEt0cWpQVnBMbmF1T3VOQitXQzY5bm9xRUZpZWxnUWVGc0NnWUIxZGk0RnBYTFlReEZZem9JbHJPOTYKTW1FL0ZueEFJZXdOUEtRNUJnbEJaaVdWRXYrQitrRzZnOWo5NzVTOEl5OUxsR3F5bytjcTl5UUN6K2tLN0pObwozWldCMTJnMmRucGZnNm8zM25LMUpaY0FFVHBVdkwzanZvbFFDQjZCclV1RHozSTlQWE5BNzJEdGROSmVvV254CnJpQWxaU09wQzlSNm1OM3l2UHJTNHdLQmdCQS9WWWRPY0pOUS9kcHFyZjdLNDlZVmNiKzFlekVkWDg2WGVJVFgKaUN6VDNnU1dQZVJReUlCOUNnWVR4NklteUNrTTYyK3V6MHFnSkJRY0dxQzBCTVlvM3duWEtXVTBSTEpPbW9BRgpvYzdLY1prNXlrVDR4VEwzK0lSTnZuUXNYL1lKS045RUlFVHdNUDJycTRkbXYzR1FuaEg2eWlndzM0SEhMTmozCkN4alhBb0dBSjBUNkN0c1c2dEVpYUI5bnc4enI3M2xkMDhraDZSL3B4VHF5c2diNERFTmptd2dndUFoMlJSZkwKYVg3eTNqSUNOTFBjWEFOYlB0QmYrQkRBTTl0UTEzMk5hYzg3N016RHRVSyswem9CWWtwWGM4Rkd4akVuTzc5RQp2MC9vT2wzR2RaWnNJSXhLblcvVlVmYjJydGY1RWgyQytOY1FpWkNXZm5kWkthMXR4WjQ9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== 10 | -------------------------------------------------------------------------------- /tests/secret-kustomize-pass.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: postgres-secret 6 | $patch: delete 7 | -------------------------------------------------------------------------------- /tests/secret-kustomize-pass.yml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: mysql-secret 6 | $patch: delete 7 | -------------------------------------------------------------------------------- /tests/secret-pass.yaml: -------------------------------------------------------------------------------- 1 | # yamllint disable 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: example 6 | stringData: 7 | EXAMPLE: ENC[AES256_GCM,data:Y4nfpPpucxeNpAAMMePkhwia1QicYay1JEOOf2jrSmov0UGXZfndgXJmt7snzmxkqyHFoZX8N+Cpv6pEhu2BzUiKaAt85V2ugq9y4WWmNj4suNAroP4bvS0eC+lB3xc92wDFOjh7ogZyuykYA3sQTlSjOoA+Z1uhQMMoaoQu,iv:xrMWtO7aPHr9q2MX9i1jEUpZMtkcSs0KHLtNvEhyH9k=,tag:rloLPaXG9j5fB7R/Cbzuzg==,type:str] 8 | sops: 9 | kms: [] 10 | gcp_kms: [] 11 | azure_kv: [] 12 | hc_vault: [] 13 | age: [] 14 | lastmodified: "2021-04-13T00:49:47Z" 15 | mac: ENC[AES256_GCM,data:c+LD6ZbMjpKLrV2XsG4pz3f88ZwQ0xYNDis+cqvPzCIun517SqaXLQo6FR3FRjj+5H/fhYShTwhBjYxFM0Axfe3ccpamELrCmCOeOSABI1EvOph1VsL5fL6MhxBKUV02I3FHjwCWPSNI3T2GTIuKyEzEzQ/uzHbBisVZ0L+j81k=,iv:Vr4VBIfJrcbEFZjJJc4j8Zk128qMQ23xlafHTyZAp84=,tag:IF93M1sFQcCD8p6u0gqzlQ==,type:str] 16 | pgp: 17 | - created_at: "2021-04-12T17:08:42Z" 18 | enc: | 19 | -----BEGIN PGP MESSAGE----- 20 | 21 | hQIMAwfpRihAg/tGARAA0XXtTCCkZjUccud57VF8vqqen1K+YJIKXAkALQ7m+NvQ 22 | sqtnMEzXB5+eeT0ne35YZIEYiP8BCnQycn4YCxg3tl7uqIe+jCxt/gtzvJlt5xMS 23 | skjI3OWDfRuuMMQQqzeRQwbiwT0qUd199opb1TBXV3doSvpvhqwUapJ5+eum+Swy 24 | x0bb+x+dqpZw5AZf1dhVYN/KTACHkrlOgFVlldI4RYIt/0yBLg5gb4oco2oJQLhM 25 | NpqorNXe/qt4L21v3ZdH3relXQbIFnjv0fIIWfsSSbpJYvWFGbr8p8bMZ8fdMiIE 26 | siDP03DfsXi0KhrDV88hBPg9eYjnRvGzZGWyUY1DZVIb6Lx689YEveXgHxoMhaH/ 27 | XWgiYm616ZrqhKEfurqKSxdZqqe64CxR0wnrMXEIrYpoi98Pxu9dfuVAWTowtBma 28 | ufIm9bRUWOclJUt7LnZ0eXL6h6/HvPXVdlaCiYhc7WjW3VdCJsf2Te5ADIwSP6UZ 29 | yQEWmXJBxDkPbos74c3oPEmf+UzH4BNx2azq+lwEBFF/LsMez+fz0B2cdE6RL9Ub 30 | 418C64rQks3OyXDHanRXAEX+CpyKqOAM1+ag/rR/tcOtInQtcH5RmS4ahSEXSOLx 31 | 17u9lZQs3XbAudrv8ZSYSYRmhhcPF4EutR6etg+rl7+eX3UZ4c4rlH8zjekBNzbS 32 | XAEEbNB8h8A2cqi/h3AaEjn5jwMbWXWDwAn9cMpKsX7q1eKDjF1sKOYPjenxWFGC 33 | ufN7XNIW5gxfIV3MAS04L37RAy/G5hYpigwbP2xDGUgJqYSAecfNV0uiDRkj 34 | =r1XG 35 | -----END PGP MESSAGE----- 36 | fp: 673F9E296113BAE74D9954A2A92853A46EA01574 37 | encrypted_regex: ((?i)(pass|secret($|[^N])|key|token|^data$|^stringData)) 38 | version: 3.7.1 39 | -------------------------------------------------------------------------------- /tests/secret-pass.yml: -------------------------------------------------------------------------------- 1 | # yamllint disable 2 | apiVersion: ENC[AES256_GCM,data:EB4=,iv:OmAbqRBqdMhIyBFpaAvxGmEQYaZjLijMPEo5ZYc0ySU=,tag:vDfHvfO/WIFXM+hxHPVZFA==,type:str] 3 | data: 4 | password: ENC[AES256_GCM,data:mTRYYopHASkVUB2E,iv:JacQOg+UMokmgnf8x7UM7sBT6zfqdVPXNYaBmbel094=,tag:nLDJp9DD8u8KJoP+0eV/Cw==,type:str] 5 | user: ENC[AES256_GCM,data:esGa8mFfoso=,iv:AvYQ6esRdHgHoLdFWUWNCjMg29D6BYZnrCRQ8Y5GsjY=,tag:3LUeuLG7pxpgLBZYfn68xg==,type:str] 6 | kind: ENC[AES256_GCM,data:jSSHvCrN,iv:TugXD0VM+DSuj8T8kI0J4KJC7CDSDoJ7x51ZYBs+pCw=,tag:t0SMsdjbJ2+ITayIdFSuJA==,type:str] 7 | metadata: 8 | creationTimestamp: null 9 | name: ENC[AES256_GCM,data:/Axsfljw/5ppcQ==,iv:SSrGABB8b4DP1x+6gNig5epkr5zvFcJbEyMiVDhIPPc=,tag:SZsiRFh73gRo7HoI36DbsA==,type:str] 10 | sops: 11 | kms: [] 12 | gcp_kms: [] 13 | azure_kv: [] 14 | hc_vault: [] 15 | age: [] 16 | lastmodified: "2021-04-13T12:33:20Z" 17 | mac: ENC[AES256_GCM,data:AEU+d6nM5PYEu5m+xPrDGWf8JQA47is0o6yAXoL05Hv5FKAhacmuOEvrze+W3yb/v68rj5i4BT3EuLkLm70cWw+WqLsugtjaWcdOvGCTyFEBMyPKfp4cBtGhF/X+iVsB0i9hhfOwZkZ1EtCTwVTjGfGvg+YX1rz+9ZGgg1EGpGA=,iv:T86Jgobt/Ov554hsZQKvGdcEitNUU75oZuzU1ItMWMs=,tag:pA8co3VkKgCGCrKzYRlcyQ==,type:str] 18 | pgp: 19 | - created_at: "2021-04-13T12:33:19Z" 20 | enc: | 21 | -----BEGIN PGP MESSAGE----- 22 | 23 | hQIMA//CYHpV/IETAQ/+N1fzCqcfxnChiwfig6gE8bNJZ6RSyYhsl9iDK1ePQIPj 24 | 93ulRKK2y7741ylPBB4tRXTD8rEYC97VkNSN291CFC818jhFad8L5qiQfcesmUB/ 25 | tl8HnX8MsRb2rjn2PlEugL5XqmXtDCFCMZ1T2RAX1zpN34BUCDTTdD0kzXgwDHZL 26 | KRB6rWwnG3SEmxzMcq5Nev+E3m5Be8BggFOMzy7Mdb/NDyNybV/dyOz8RhgLrfFx 27 | qUG7E7tWWVMksLfs4PB3JkysTRhSJpy2VV2FpaxqIFsTHLVFxM587b64b/yqmpGY 28 | f8pOw4heItbgtHrFOXjLhMwZYHBnSEdimGq/V13dr7XTmvU8w4pytU8cUSJ/UhVZ 29 | IdVUbHQo0Yw+947wjDWVVn2XsixNn5vyn2ffMdvngL5QLrVL5tlqNTKElStDRpWj 30 | 0/+yt/bXBP7m8OeEicAwaLLMHCix41oWe950/MM/peEB6giS2ONnh28zv12D05ub 31 | JNgON00+6AJQE5ztlxNORtND9miXGOGqk1P27BQWy7cOd1cQMHgTCB1RmPkfqApD 32 | 1lzO2JHfoFDlbRmWJAkoCQnSONut7pwlQMoyh1iEA0LPCkuqaHrNEXkQZh5S3ubT 33 | wcgrU2OV+SUpUkTXTFlRNCLucFufnelsAvSAMNVyiJM8fHQ0hTC9ttMqSsWm2n3S 34 | XgEXnY4f2yXApFS+LYWmht+ENrl44u8WMFHShc+h+URnqcMX1DaxnEzUW1BC+ykV 35 | 5Q8jN0acUstjvP4VnGDCihI/+ADQ2f/TKDOcUP80xf3PLTqQiXL3AnvZsisWAAk= 36 | =G3Gh 37 | -----END PGP MESSAGE----- 38 | fp: A54D8FB506C103352E67737587CB975CFF2E7D8F 39 | unencrypted_suffix: _unencrypted 40 | version: 3.7.1 41 | --------------------------------------------------------------------------------